So here is the challenge: Is it possible to make HIPAA easier to understand, while remaining legal and HIPAA compliant? To create this easy HIPAA, we used the following seven strategies.
#1 Limited Scope
The first easy-HIPAA strategy is to limit the scope. In hard-HIPAA, they try to cover the whole healthcare industry but just end up confusing everybody. In easy-HIPAA, we focus on small clinics. This app is NOT for health insurance companies and is NOT for big hospital chains. The HIPAA Lifeguard app is just for small clinics.
#2 Focus on the Important Stuff
The second easy-HIPAA strategy is to focus on the important parts of HIPAA - the stuff that leads to big HIPAA fines. In hard-HIPAA, they insist on memorizing everything including famous dates in HIPAA history. The hard-HIPAA certification tests ask: "In what year was the HIPAA Omnibus Rule signed into law?" Does that really matter!? In easy-HIPAA, we focus on what the HIPAA Police focus on - securing patient data (also known as PHI or Protected Health Information).
#3 Better Examples
The third easy-HIPAA strategy is to provide better examples - more colorful examples. In hard-HIPAA, they have more officers than the Army: Privacy Officer, Security Officer, Compliance Officer, and HIPAA Officer. Do they really expect us to remember the difference between the Privacy Officer and the Security Officer? In easy-HIPAA, we use just one title: HIPAA Lifeguard. Every small clinic assigns one person to be the HIPAA Lifeguard.
#4 Do-It-Yourself
The fourth easy-HIPAA strategy is to make HIPAA do-it-yourself. In hard-HIPAA, they require hiring expensive lawyers and consultants who stampede through the clinic, disrupting workflows. Easy-HIPAA is do-it-yourself. The app walks you through the six tasks with how-to videos.
#5 Mobile App
The fifth easy-HIPAA strategy is to use your cellphone. In hard-HIPAA, they still use the DOS command prompt from the 1980s. In easy-HIPAA, everything can be done with just a cellphone. The app is designed and built specifically for cellphone screens.
#6 Simple Tasks
The sixth easy-HIPAA strategy is to customize and simplify the risk assessment. In hard-HIPAA, their 340-page risk assessment has an 'addressable' decision tree that confuses chess grandmasters. In easy-HIPAA, we have six tasks that are straightforward.
#7 PHI Hotspots
The seventh easy-HIPAA strategy is to simplify Protected Health Information (PHI). In hard-HIPAA, electronic-PHI (ePHI) is somehow different from other PHI. In hard-HIPAA, they are still not sure if an X-ray is PHI, ePHI, or not-PHI. In easy-HIPAA, we condense all PHI into a list of PHI Hotspots. Everybody in your clinic will know these PHI Hotspots - there will be no doubts about PHI.
The most important output of the app is the clinic's customized list of PHI Hotspots.
ClinicNerds developed this HIPAA Lifeguard App using the above strategies. (To be clear, ClinicNerds is the company name - the product is the HIPAA Lifeguard App.)
At the beach and pool, a lifeguard watches over and protects the swimmers. At the clinic, the HIPAA Lifeguard watches over and secures the PHI Hotspots.
The clinic owners designate a person (e.g. Office Manager) to be the HIPAA Lifeguard. The HIPAA Lifeguard will be the person using the HIPAA Lifeguard app.
Every small clinic has a few dozen PHI Hotspots. The six tasks in this app reveal your PHI Hotspots. If any PHI Hotspot is lost, stolen, or hacked, it is a PHI breach that should be reported to the HIPAA Police.
This app helps the HIPAA Lifeguard manage the clinic's PHI Hotspots. Every employee will be trained to know the clinic's PHI Hotspots. If the clinic buys a new computer, the HIPAA Lifeguard will add it to the PHI Hotspots.
In easy-HIPAA, we reduce it down to a few ideas:
Healthcare is hard enough. There are already a million daily headaches in a clinic. Let's not make it any harder than it needs to be. Simple words and simple concepts are more likely to be understood by your employees. Lifeguards and hotspots are deliberately simple words and concepts.